Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

post-Infection of Antimalware Doctor problems


  • This topic is locked This topic is locked
15 replies to this topic

#1 stander

stander

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 14 May 2010 - 12:20 PM

After removing the virus program I am left with problems, most notably with Internet browers. Google Chrome now does not even work. PC is slower it seems

People have had the same problem as me on this forum, and similarly GMER has picked up on atapi.sys file being changed.

thanks in advance



DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 17:30:23.13 on 14/05/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.3325.1753 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Vtune\TBPANEL.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Admin\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [TBPanel] c:\program files\vtune\TBPanel.exe /A
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [AdobeBridge]
uRun: [Google Update] "c:\users\admin\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-2 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-2 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-2 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-2 56816]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-1-11 240232]
S2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-9-29 68136]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-4-21 25832]

=============== Created Last 30 ================

2010-05-14 05:14:02 0 d-----w- c:\programdata\WindowsSearch
2010-05-14 05:09:58 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-14 05:09:46 0 d-----w- c:\users\admin\appdata\roaming\SUPERAntiSpyware.com
2010-05-14 05:09:46 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-14 04:42:44 0 d-----w- c:\program files\Trend Micro
2010-05-14 03:54:04 0 d-----w- c:\users\admin\appdata\roaming\Uniblue
2010-05-14 03:06:35 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-05-14 03:04:45 0 d-----w- c:\programdata\Sun
2010-05-14 03:04:35 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-12 06:18:39 738304 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-07 19:52:46 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-05 21:57:05 0 d-----w- c:\program files\Veetle
2010-05-04 20:27:38 0 d-----w- c:\users\admin\appdata\roaming\TS3Client
2010-05-04 20:27:20 0 d-----w- c:\program files\TeamSpeak 3 Client
2010-04-27 13:54:02 0 d-----w- C:\BraCa Soft
2010-04-21 03:21:33 0 d-----w- c:\programdata\BioWare
2010-04-21 02:00:30 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-15 13:33:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 13:33:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 13:33:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 13:33:28 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 13:33:28 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 13:33:05 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-15 13:33:02 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 13:33:01 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-15 13:33:01 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 13:32:17 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-15 13:30:23 98304 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-05-14 15:10:23 52623 ----a-w- c:\programdata\nvModes.dat
2010-05-14 15:10:17 16608 ----a-w- c:\windows\gdrv.sys
2010-05-14 00:58:47 137256 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-14 00:58:38 218808 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-13 20:06:33 85628 ----a-w- c:\windows\fonts\Univers LT 47 Condensed Light.ttf
2010-05-13 20:06:33 84556 ----a-w- c:\windows\fonts\Univers LT 45 Light.ttf
2010-05-13 20:06:33 61008 ----a-w- c:\windows\fonts\Univers LT 45 Light Oblique.ttf
2010-05-13 20:06:33 59540 ----a-w- c:\windows\fonts\Univers LT 47 Condensed Light Oblique.ttf
2010-05-13 20:06:33 47572 ----a-w- c:\windows\fonts\Univers LT 53 Extended Oblique.ttf
2010-05-13 20:06:33 38500 ----a-w- c:\windows\fonts\Univers LT 49 Light Ultra Condensed.ttf
2010-05-13 20:06:33 38396 ----a-w- c:\windows\fonts\Univers LT 39 Thin Ultra Condensed.ttf
2010-05-06 09:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-08 10:19:34 138056 ----a-w- c:\users\admin\appdata\roaming\PnkBstrK.sys
2010-03-08 10:19:14 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-08 10:19:14 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-20 09:34:41 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-20 09:34:41 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-20 09:34:32 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-02 13:30:55 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:31:05.44 ===============

Attached Files


Edited by stander, 14 May 2010 - 03:48 PM.


BC AdBot (Login to Remove)

 


#2 stander

stander
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 14 May 2010 - 03:48 PM

anyone ?

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the MRT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 14 May 2010 - 05:19 PM.


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:21 PM

Posted 15 May 2010 - 10:30 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 stander

stander
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 16 May 2010 - 06:29 PM

thanks for taking your time and helping me myrti. here are the results of the scan

OTL

OTL logfile created on: 17/05/2010 00:18:32 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Admin\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 291.55 Gb Free Space | 31.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-PC
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/17 00:16:41 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2010/05/07 20:52:38 | 003,475,856 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2010/04/12 17:29:28 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2010/01/11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/08/19 11:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 11:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/12 15:43:30 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/24 11:16:02 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (SafeList) ==========

MOD - [2010/05/17 00:16:41 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
MOD - [2010/05/07 20:52:48 | 000,962,448 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire_toucan_42628.dll
MOD - [2008/01/21 03:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/21 03:33:17 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
MOD - [2008/01/21 03:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/21 03:16:11 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2010/01/11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/10/13 00:40:29 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/10/04 23:18:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/12/09 01:15:26 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/05/16 22:38:08 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/05/06 17:10:20 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/16 03:54:05 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/01/12 05:03:33 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/12/10 17:16:18 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/11/04 03:21:04 | 000,083,296 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/10/16 08:08:10 | 000,134,144 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/24 11:03:46 | 002,158,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4019480004-3811171360-112392978-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.overclockers.co.uk [binary data]
IE - HKU\S-1-5-21-4019480004-3811171360-112392978-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.overclockers.co.uk [binary data]
IE - HKU\S-1-5-21-4019480004-3811171360-112392978-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-4019480004-3811171360-112392978-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4019480004-3811171360-112392978-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4019480004-3811171360-112392978-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2009/10/04 23:06:52 | 000,000,791 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-4019480004-3811171360-112392978-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4019480004-3811171360-112392978-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-4019480004-3811171360-112392978-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4019480004-3811171360-112392978-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-4019480004-3811171360-112392978-1001..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKU\S-1-5-21-4019480004-3811171360-112392978-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-4019480004-3811171360-112392978-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.133.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4019480004-3811171360-112392978-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:46:39 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/17 00:16:38 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2010/05/14 06:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/05/14 06:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/05/14 06:09:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
[2010/05/14 06:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/14 05:52:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\New Folder
[2010/05/14 05:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/14 05:28:39 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Admin\Desktop\JavaRa.exe
[2010/05/14 04:54:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Uniblue
[2010/05/14 04:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/14 04:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/14 04:04:35 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/14 04:04:35 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/14 04:04:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/14 04:04:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/14 00:58:10 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/05/14 00:58:10 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/05/14 00:58:10 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/05/14 00:58:10 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/05/14 00:58:10 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/05/14 00:58:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/05/14 00:58:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/05/14 00:58:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/05/14 00:58:09 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/05/14 00:58:08 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/05/14 00:58:08 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/05/14 00:58:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/05/14 00:58:08 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/05/14 00:58:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/05/14 00:58:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/05/14 00:57:11 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/05/14 00:57:11 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/05/14 00:57:11 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/05/14 00:57:11 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/05/14 00:57:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/05/14 00:57:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/05/14 00:57:11 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/05/14 00:57:11 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/05/14 00:57:10 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/05/14 00:57:10 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/05/14 00:57:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/05/14 00:57:10 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/05/14 00:57:10 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/05/14 00:57:10 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/05/14 00:57:10 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/05/14 00:57:10 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/05/14 00:57:09 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/05/14 00:57:09 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/05/14 00:57:09 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/05/14 00:57:09 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/05/14 00:57:08 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/05/14 00:57:08 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/05/14 00:57:08 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/05/14 00:57:08 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/05/14 00:57:07 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/05/14 00:57:07 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/05/14 00:57:07 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/05/13 21:23:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\TOP40 MyFonts.com
[2010/05/05 22:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2010/05/05 17:53:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\FM Genie Scout 10
[2010/05/04 21:27:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2010/05/04 21:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2010/04/27 14:54:02 | 000,000,000 | ---D | C] -- C:\BraCa Soft
[2010/04/21 04:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2010/04/21 03:00:30 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/04/21 02:08:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Square Enix

========== Files - Modified Within 30 Days ==========

[2010/05/17 00:18:48 | 003,145,728 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT
[2010/05/17 00:16:41 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2010/05/16 23:36:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4019480004-3811171360-112392978-1001UA.job
[2010/05/16 22:42:43 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/16 22:42:43 | 000,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/16 22:42:43 | 000,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/16 22:38:19 | 000,052,623 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/05/16 22:38:12 | 000,052,623 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/05/16 22:38:08 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\gdrv.sys
[2010/05/16 22:37:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/16 22:37:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/16 22:37:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/16 22:37:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/16 22:37:48 | 3487,031,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/15 17:31:43 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/05/15 17:31:43 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/05/15 13:45:30 | 002,507,172 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db
[2010/05/15 04:36:00 | 000,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4019480004-3811171360-112392978-1001Core.job
[2010/05/15 02:28:07 | 003,689,229 | ---- | M] () -- C:\Users\Admin\Desktop\ComboFix.exe
[2010/05/14 22:32:12 | 000,218,808 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/05/14 18:58:01 | 000,137,256 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/05/14 17:29:29 | 000,284,915 | ---- | M] () -- C:\Users\Admin\Desktop\gmer.zip
[2010/05/14 17:29:15 | 000,525,824 | ---- | M] () -- C:\Users\Admin\Desktop\dds.scr
[2010/05/14 17:28:13 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe
[2010/05/14 17:20:35 | 000,145,408 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/14 06:09:50 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/14 05:42:44 | 000,001,948 | ---- | M] () -- C:\Users\Admin\Desktop\HiJackThis.lnk
[2010/05/14 04:31:54 | 000,002,042 | ---- | M] () -- C:\Users\Admin\Desktop\Google Chrome.lnk
[2010/05/14 04:06:36 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010/05/14 00:18:27 | 003,048,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/13 21:25:36 | 000,296,472 | ---- | M] () -- C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/11 19:32:10 | 000,002,237 | ---- | M] () -- C:\Users\Public\Desktop\FMRTE.lnk
[2010/05/07 20:52:46 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/04 21:27:21 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/05/15 02:28:00 | 003,689,229 | ---- | C] () -- C:\Users\Admin\Desktop\ComboFix.exe
[2010/05/14 17:35:14 | 000,293,376 | ---- | C] () -- C:\Users\Admin\Desktop\gmer.exe
[2010/05/14 17:29:27 | 000,284,915 | ---- | C] () -- C:\Users\Admin\Desktop\gmer.zip
[2010/05/14 17:29:13 | 000,525,824 | ---- | C] () -- C:\Users\Admin\Desktop\dds.scr
[2010/05/14 17:28:13 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe
[2010/05/14 06:09:50 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/14 05:42:44 | 000,001,948 | ---- | C] () -- C:\Users\Admin\Desktop\HiJackThis.lnk
[2010/05/14 05:28:39 | 000,245,103 | ---- | C] () -- C:\Users\Admin\Desktop\JavaRa.def
[2010/05/14 04:31:54 | 000,002,042 | ---- | C] () -- C:\Users\Admin\Desktop\Google Chrome.lnk
[2010/05/14 04:31:33 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4019480004-3811171360-112392978-1001UA.job
[2010/05/14 04:31:32 | 000,000,854 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4019480004-3811171360-112392978-1001Core.job
[2010/05/14 04:06:35 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/05/14 00:58:09 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/05/07 20:52:46 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/05/04 21:27:21 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010/04/27 14:54:22 | 000,002,237 | ---- | C] () -- C:\Users\Public\Desktop\FMRTE.lnk
[2010/02/01 08:59:22 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2010/01/20 05:12:53 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2009/12/17 04:42:30 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/10/21 23:17:01 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/10/21 22:32:31 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/10/09 00:01:32 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/10/02 20:16:41 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/09/29 01:43:07 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\$INPLACE.~TR\Machine\DATA\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 03:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 03:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/21 03:34:26 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 03:34:22 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/01/16 03:54:05 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2009/10/02 04:10:05 | 011,894,784 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2009/10/02 04:10:02 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2009/10/02 04:10:06 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2009/10/02 04:10:10 | 016,367,616 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2009/10/02 04:10:12 | 006,623,232 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 12:32:31 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 12:32:36 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 12:32:33 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/05/14 18:58:01 | 000,137,256 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/02/18 15:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 12:52:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
< End of report >


EXTRAS

OTL Extras logfile created on: 17/05/2010 00:18:32 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Admin\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 291.55 Gb Free Space | 31.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-PC
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4019480004-3811171360-112392978-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C1019EA6-5021-46EF-993B-0E2CB2E35990}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E94A249A-DE88-4BB3-A8FC-9BB8BF4997B9}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{F0D281A7-AEDB-4697-A6A4-8765252EC995}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BCFAB3-F975-44BA-8821-3675FAE2EAE3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{04119367-365B-4038-9CED-995988B7CA4A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{09822F7B-D78A-4188-B6C0-30E6904A58B4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{09E28E5A-ADA7-42C2-9D07-AD2FE0F9265D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"{0D77D8AB-1CBA-4D51-8B76-C8BD4F650059}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{15B0416B-8F83-42CD-A984-3F3F5A8894CD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war gold\w40kwa.exe |
"{180A8E8B-9EAA-4102-B5D9-F7FEAD3FD30A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\just cause 2 demo\justcause2.exe |
"{189A58F9-CB2B-4A9F-A4D8-3D80F619F24A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war gold\w40k.exe |
"{1A06B5BA-AAC5-422A-A242-7B538AF5D61B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{2068E2C8-E308-4816-B38B-37DE1DC59D55}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"{2B1709EE-4DFC-4086-BC27-2B13603BCD7F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F0302BF-6A63-46D8-9620-8AAA326F1E11}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{35F8D16E-5568-46A4-9B8B-BD872546E2B4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\codmp.exe |
"{38ED7800-8A7B-4441-A933-A282A033EB35}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{396E7940-315A-4E9F-8192-6839B0A5FE1E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dirt 2\dirt2.exe |
"{3D04BD11-AE2C-46AF-8EC9-A3802AEACF7A}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{3DB3C748-FCFB-44AE-946C-C628F7C30CDC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\codsp.exe |
"{3E4F9DC8-88E5-4A0F-9894-4C0A6B4B04DA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{40542A7D-4A3F-4F4A-96DE-26A2B52C48BA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{440E14CE-A310-4014-902C-7B7306A86444}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2010\fm.exe |
"{47F8774F-93C3-42B3-AA8A-6D0845D1C963}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4A0B4323-F4EA-45D9-8C1E-C22E073DDE1A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\codmp.exe |
"{57ABA765-FBE6-491E-87C7-0DBB5B542C9B}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{58AACF4B-A26C-4945-A169-EFE39483ABD6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war gold\w40k.exe |
"{68F61BE3-9999-472F-97CD-661352466EF2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{6A23740A-2599-4DE5-A5A7-52F1946185DE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\just cause 2 demo\justcause2.exe |
"{6AD13D01-EF89-4199-9A9A-9AA1DCD8E104}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6BC1E41E-7197-41F1-BC9E-88F116B14252}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{6EF9EEF5-65B6-4737-96D8-0A37046BBE5D}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{736205B3-A3C5-42A6-B5E6-77186360F7B4}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2 - beta\bfbc2betaupdater.exe |
"{7810F957-C699-4CD2-96A0-28ADCFCCE60E}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{78C8DD1A-2F7A-4FA1-A671-D3DD0E83C0CA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{7A82F4F2-8EAA-4DB3-9719-4E2540D3553D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{84F5BD49-42EC-4C58-9035-4C0CECF7E633}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{904A3FF2-84A1-46B8-8A07-CCA81F1B0EEC}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2 - beta\bfbc2betaupdater.exe |
"{913270FB-FC2A-41C0-9982-8D078C6577BA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator demo\avp.exe |
"{94DA5EC2-67D1-4791-94B9-DF3D5E8CF93B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{96C6C0C7-A97A-4937-842B-4EAFF7728455}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9767E787-CA98-4B00-AA5C-8374D556B097}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{9F930E29-D70F-4636-B70C-31A7F31F76E3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dirt 2\dirt2.exe |
"{A4E5A2B0-AD7F-4979-AB38-605C4DCDEA4B}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{A547FF64-73CF-41E2-8E5E-30D9A3EFE978}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2010\fm.exe |
"{A5E5FAE0-0D2A-4A81-A451-03FA9C8DAC8A}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{A9344528-50D3-40DF-9D42-514AF260B9B0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{AD3369BD-807D-4A09-ADD2-7E5117F22E35}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{B3684DB2-8E65-4311-96AE-3835D82A7D3F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B461824F-CCAF-421D-863F-76CF608F85F1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BB74E7FA-D1F3-42DD-8CA6-4C34780F2A35}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{C86F5D2E-C63C-4D49-84E1-8DAC8FA7768D}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{CA2D8F7A-6237-4232-AA87-37167A0F868C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{D2E509FD-A476-4C43-B2FD-01F251C0908D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator demo\avp.exe |
"{D928337B-7089-4240-A53F-FFEB39ADB159}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E2725CDF-863F-4605-A9B2-1DD500BAEDE6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{E5EAE476-157D-4ABB-8649-5FE1B189B196}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E7BDF993-9B03-4029-9EA2-F04D43727234}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{ED462A66-75E2-4046-8827-5E5DEDF5F4C2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war gold\w40kwa.exe |
"{F0672A27-5A21-4B4A-8CC5-24AF1FE4304F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F9500EAE-CF7F-4FB0-843A-4CF568043A80}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{FD309E72-D1F1-4FC4-9216-6382F6F4678F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\codsp.exe |
"{FEFEF9D2-7A67-405F-A62B-7ED96F2926E3}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{0C80663A-A2F4-4EB1-A5CC-8BED3660B1FB}C:\program files\steam\steamapps\ruption88\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\ruption88\counter-strike source\hl2.exe |
"TCP Query User{14CB7645-2C6D-4A97-9E90-623CF02A68E5}C:\program files\electronic arts\battlefield bad company 2 - beta\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2 - beta\bfbc2game.exe |
"TCP Query User{1A014FBC-23DF-4A60-A98E-0C5D4A856205}C:\program files\steam\steamapps\ruption88\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\ruption88\counter-strike\hl.exe |
"TCP Query User{3156BB89-44EC-4F64-9CCE-2B83F90E5884}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{46FF748C-D803-42AA-9D89-80390169AD54}C:\program files\steam\steamapps\ruption88\insurgency\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\ruption88\insurgency\hl2.exe |
"TCP Query User{55B0750E-9563-4616-962D-B64878C54BF8}C:\program files\steam\steamapps\common\operations flashpoint dragon rising - demo\ofdr demo.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\operations flashpoint dragon rising - demo\ofdr demo.exe |
"TCP Query User{5ADAB3CF-28EC-41AA-82F6-A6F391009E78}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{6245F654-062E-4AF4-BDD3-61E8D17A2D6E}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{6B2BE0DE-FADD-4CA0-A0C2-43DFC11D28FB}C:\program files\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dirt 2\dirt2_game.exe |
"TCP Query User{720C93FD-4329-463E-A1CA-563919FD71F9}C:\users\admin\documents\downloads\war_trial_downloader.exe" = protocol=6 | dir=in | app=c:\users\admin\documents\downloads\war_trial_downloader.exe |
"TCP Query User{786FEFDC-AE11-4EE2-8DFA-508158E375DB}C:\program files\steam\steamapps\ruption88\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\ruption88\day of defeat source\hl2.exe |
"TCP Query User{8E46EAF7-8E9C-48BF-9432-EE7F6B32353B}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{8ED16BDD-D540-44BB-B946-DBA9C5725D72}C:\program files\steam\steamapps\ruption88\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\ruption88\team fortress 2\hl2.exe |
"TCP Query User{9383FCE4-EDFA-4098-AB69-BB649729361D}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{A0C9A68F-C579-46D4-8EFC-10E25944227A}C:\program files\dfpinger\dfbhdpinger\dfbhdpinger.exe" = protocol=6 | dir=in | app=c:\program files\dfpinger\dfbhdpinger\dfbhdpinger.exe |
"TCP Query User{B40F7D4D-FC3B-4BC5-983D-F0C4E6D3E40E}C:\program files\novalogic\delta force black hawk down\dfbhd.exe" = protocol=6 | dir=in | app=c:\program files\novalogic\delta force black hawk down\dfbhd.exe |
"TCP Query User{C116077A-0322-43C2-AF50-31B17B165BC2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C9831140-6A8D-431C-B330-6E7B7C91222B}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{CF36905F-37E0-4EFA-8567-3D01B8639BFD}C:\users\admin\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{02114E6A-CEDC-45ED-95DC-D179D9E1D121}C:\program files\steam\steamapps\ruption88\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\ruption88\team fortress 2\hl2.exe |
"UDP Query User{0FDC4B6D-566C-4BB0-B25E-FAE97E8F0928}C:\program files\steam\steamapps\ruption88\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\ruption88\counter-strike\hl.exe |
"UDP Query User{1F0E56E6-CD80-44E4-9D89-0ADEF13C5610}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{340008D4-132E-44AD-A18F-E6E4BF602AD1}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{342A4855-851D-487F-843E-D907D1E1A4C4}C:\program files\novalogic\delta force black hawk down\dfbhd.exe" = protocol=17 | dir=in | app=c:\program files\novalogic\delta force black hawk down\dfbhd.exe |
"UDP Query User{359E7487-E743-4441-A307-0DF4F4EB60D5}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{39F1B08E-8264-40D5-B958-89BB44B224F8}C:\users\admin\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{4A3A8C3E-E252-4884-A474-96FF75D9FD15}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5E4E5B0C-F639-4B7D-AC37-9B94AD9D6737}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{721737A3-C977-489B-A0C1-3BB168AF4F3B}C:\program files\steam\steamapps\common\operations flashpoint dragon rising - demo\ofdr demo.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\operations flashpoint dragon rising - demo\ofdr demo.exe |
"UDP Query User{74DF1A24-AA8F-4467-BB94-949EDCA4B387}C:\program files\steam\steamapps\ruption88\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\ruption88\day of defeat source\hl2.exe |
"UDP Query User{7AE57297-8537-43D1-B11B-E890CC7A502E}C:\program files\steam\steamapps\ruption88\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\ruption88\counter-strike source\hl2.exe |
"UDP Query User{8929AC42-AB41-4D3C-B761-1902AB7BAC29}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{8BCF68EB-D4D0-4237-AADA-757F412ED1BC}C:\users\admin\documents\downloads\war_trial_downloader.exe" = protocol=17 | dir=in | app=c:\users\admin\documents\downloads\war_trial_downloader.exe |
"UDP Query User{B7F9E15B-72F3-4145-A05B-F60407FBA46D}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{CE34991D-FBB2-4ED0-849C-698B25AB049B}C:\program files\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dirt 2\dirt2_game.exe |
"UDP Query User{D595C0C0-2B6A-42EC-BB58-B8E094459EAC}C:\program files\dfpinger\dfbhdpinger\dfbhdpinger.exe" = protocol=17 | dir=in | app=c:\program files\dfpinger\dfbhdpinger\dfbhdpinger.exe |
"UDP Query User{F2B1BEA0-6AE4-4354-B556-4E090FFE2EF7}C:\program files\steam\steamapps\ruption88\insurgency\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\ruption88\insurgency\hl2.exe |
"UDP Query User{F37DE4AB-16F7-4157-9216-44F21074EF7F}C:\program files\electronic arts\battlefield bad company 2 - beta\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2 - beta\bfbc2game.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22C29E59-2EF5-4B64-9B7F-9F7A69BC7D1A}" = FMRTE
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64CCBE26-A8EE-4D34-87BE-2AF3E5489574}" = Nepheton
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty® 2 Patch 1.3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1208.1
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BC975AF9-0C87-4361-8F4B-FBEF2FC7B3A9}" = Drumazon
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Artillery2" = Artillery2
"Arturia CS-80V_is1" = Arturia CS-80V v1.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Circle_is1" = Circle
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ" = GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ
"impOSCar" = GForce - impOSCar
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Basic)
"Live 8.1" = Live 8.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Native Instruments Service Center" = Native Instruments Service Center
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Robotronic" = Robotronic
"Steam App 10" = Counter-Strike
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 12840" = DiRT 2
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 17450" = Dragon Age: Origins
"Steam App 17460" = Mass Effect
"Steam App 17700" = Insurgency
"Steam App 240" = Counter-Strike: Source
"Steam App 24980" = Mass Effect 2
"Steam App 2620" = Call of Duty
"Steam App 300" = Day of Defeat: Source
"Steam App 34000" = Football Manager 2010
"Steam App 34200" = Aliens vs Predator Demo
"Steam App 35110" = Just Cause 2 Demo
"Steam App 40140" = Supreme Commander 2 Demo
"Steam App 440" = Team Fortress 2
"Steam App 4570" = Warhammer 40,000: Dawn of War
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unique" = Unique
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Vogue" = Vogue
"Vtune_is1" = Vtune 7.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WOW" = WOW
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4019480004-3811171360-112392978-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/05/2010 01:09:45 | Computer Name = Admin-PC | Source = SPP | ID = 16387
Description =

Error - 14/05/2010 01:09:45 | Computer Name = Admin-PC | Source = System Restore | ID = 8193
Description =

Error - 14/05/2010 01:16:37 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4bd40a55,
faulting module chrome.dll, version 4.1.249.1064, time stamp 0x4bd409f2, exception
code 0xc0000005, fault offset 0x006a1b80, process id 0x1294, application start time
0x01caf322c59e5e61.

Error - 14/05/2010 03:49:17 | Computer Name = Admin-PC | Source = SPP | ID = 16387
Description =

Error - 14/05/2010 03:49:17 | Computer Name = Admin-PC | Source = System Restore | ID = 8193
Description =

Error - 14/05/2010 03:49:17 | Computer Name = Admin-PC | Source = System Restore | ID = 8210
Description =

Error - 14/05/2010 05:50:47 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 14/05/2010 11:11:41 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 14/05/2010 12:37:57 | Computer Name = Admin-PC | Source = Perflib | ID = 1010
Description =

Error - 14/05/2010 13:38:44 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = The program Xfire.exe version 1.0.0.13133 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 9d0 Start Time: 01caf3778e5e00f6 Termination Time: 4

[ System Events ]
Error - 26/02/2010 07:16:36 | Computer Name = Admin-PC | Source = HTTP | ID = 15016
Description =

Error - 27/02/2010 00:03:39 | Computer Name = Admin-PC | Source = HTTP | ID = 15016
Description =

Error - 27/02/2010 07:33:18 | Computer Name = Admin-PC | Source = HTTP | ID = 15016
Description =

Error - 28/02/2010 10:35:07 | Computer Name = Admin-PC | Source = HTTP | ID = 15016
Description =

Error - 02/03/2010 09:56:58 | Computer Name = Admin-PC | Source = HTTP | ID = 15016
Description =

Error - 02/03/2010 23:22:01 | Computer Name = Admin-PC | Source = HTTP | ID = 15016
Description =

Error - 03/03/2010 05:27:41 | Computer Name = Admin-PC | Source = HTTP | ID = 15016
Description =

Error - 03/03/2010 23:57:21 | Computer Name = Admin-PC | Source = HTTP | ID = 15016
Description =

Error - 04/03/2010 13:10:56 | Computer Name = Admin-PC | Source = HTTP | ID = 15016
Description =

Error - 04/03/2010 23:53:06 | Computer Name = Admin-PC | Source = HTTP | ID = 15016
Description =


< End of report >


#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:21 PM

Posted 17 May 2010 - 09:35 AM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run TDSSKiller and post the log in your next reply:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 stander

stander
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 17 May 2010 - 12:43 PM

I'd like to do as much as possible and use reformat as last resort if that's ok, I was infected with that virus that tries to claim i've broken copyright laws and scam that way a couple of weeks ago but i thought I got rid of that but maybe that left horribles as well.

here is the log

18:37:04:338 7912 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17
18:37:04:338 7912 ================================================================================
18:37:04:338 7912 SystemInfo:

18:37:04:338 7912 OS Version: 6.0.6001 ServicePack: 1.0
18:37:04:338 7912 Product type: Workstation
18:37:04:338 7912 ComputerName: ADMIN-PC
18:37:04:338 7912 UserName: Admin
18:37:04:338 7912 Windows directory: C:\Windows
18:37:04:338 7912 Processor architecture: Intel x86
18:37:04:338 7912 Number of processors: 8
18:37:04:338 7912 Page size: 0x1000
18:37:04:338 7912 Boot type: Normal boot
18:37:04:338 7912 ================================================================================
18:37:04:341 7912 UnloadDriverW: NtUnloadDriver error 2
18:37:04:341 7912 ForceUnloadDriverW: UnloadDriverW(klmd23) error 2
18:37:04:444 7912 wfopen_ex: Trying to open file C:\Windows\system32\config\system
18:37:04:444 7912 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:37:04:444 7912 wfopen_ex: Trying to KLMD file open
18:37:04:444 7912 wfopen_ex: File opened ok (Flags 2)
18:37:04:467 7912 wfopen_ex: Trying to open file C:\Windows\system32\config\software
18:37:04:467 7912 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:37:04:467 7912 wfopen_ex: Trying to KLMD file open
18:37:04:467 7912 wfopen_ex: File opened ok (Flags 2)
18:37:04:467 7912 KLAVA engine initialized
18:37:07:307 7912 Initialize success
18:37:07:307 7912
18:37:07:307 7912 Scanning Services ...
18:37:07:955 7912 Raw services enum returned 403 services
18:37:07:961 7912
18:37:07:962 7912 Scanning Drivers ...
18:37:08:214 7912 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
18:37:08:297 7912 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
18:37:08:340 7912 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:37:08:388 7912 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:37:08:398 7912 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:37:08:421 7912 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:37:08:436 7912 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
18:37:08:461 7912 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:37:08:494 7912 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:37:08:538 7912 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:37:08:563 7912 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:37:08:569 7912 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:37:08:608 7912 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:37:08:657 7912 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:37:08:710 7912 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:37:08:746 7912 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:37:08:778 7912 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:37:08:785 7912 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
18:37:08:901 7912 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
18:37:09:028 7912 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
18:37:09:095 7912 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\Windows\system32\DRIVERS\avipbb.sys
18:37:09:172 7912 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:37:09:270 7912 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:37:09:318 7912 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
18:37:09:346 7912 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:37:09:352 7912 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:37:09:383 7912 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:37:09:393 7912 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:37:09:403 7912 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:37:09:409 7912 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:37:09:421 7912 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:37:09:469 7912 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) C:\Windows\system32\drivers\TBPANEL.SYS
18:37:09:478 7912 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:37:09:492 7912 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
18:37:09:516 7912 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:37:09:554 7912 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
18:37:09:584 7912 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:37:09:626 7912 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
18:37:09:651 7912 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:37:09:672 7912 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:37:09:690 7912 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
18:37:09:698 7912 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
18:37:09:736 7912 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:37:09:781 7912 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
18:37:09:810 7912 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:37:09:818 7912 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
18:37:09:838 7912 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:37:09:848 7912 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:37:09:855 7912 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
18:37:09:881 7912 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
18:37:09:888 7912 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:37:09:902 7912 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:37:09:909 7912 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:37:09:915 7912 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:37:09:923 7912 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
18:37:09:931 7912 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:37:09:952 7912 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:37:09:971 7912 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\Windows\gdrv.sys
18:37:09:988 7912 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:37:09:999 7912 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:37:10:021 7912 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:37:10:030 7912 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:37:10:049 7912 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
18:37:10:068 7912 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:37:10:108 7912 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
18:37:10:138 7912 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:37:10:148 7912 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:37:10:164 7912 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:37:10:173 7912 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:37:10:227 7912 IntcAzAudAddService (c3c499a704a2d7958d9d7e5a9db60ce4) C:\Windows\system32\drivers\RTKVHDA.sys
18:37:10:267 7912 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:37:10:279 7912 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:37:10:286 7912 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:37:10:297 7912 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:37:10:306 7912 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:37:10:313 7912 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:37:10:320 7912 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:37:10:338 7912 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
18:37:10:344 7912 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:37:10:350 7912 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:37:10:386 7912 JRAID (a324485106f133e751f4b7f47c4be3ea) C:\Windows\system32\drivers\jraid.sys
18:37:10:408 7912 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:37:10:415 7912 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
18:37:10:434 7912 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
18:37:10:448 7912 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:37:10:474 7912 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:37:10:485 7912 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:37:10:496 7912 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:37:10:503 7912 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:37:10:514 7912 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:37:10:535 7912 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:37:10:544 7912 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:37:10:565 7912 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:37:10:578 7912 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:37:10:584 7912 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:37:10:591 7912 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:37:10:617 7912 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:37:10:642 7912 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:37:10:650 7912 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:37:10:657 7912 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
18:37:10:699 7912 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:37:10:711 7912 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:37:10:751 7912 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:37:10:776 7912 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
18:37:10:787 7912 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:37:10:809 7912 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:37:10:816 7912 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:37:10:843 7912 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:37:10:850 7912 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:37:10:856 7912 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:37:10:883 7912 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
18:37:10:899 7912 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:37:10:924 7912 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:37:10:931 7912 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
18:37:10:973 7912 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
18:37:10:985 7912 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
18:37:10:997 7912 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:37:11:019 7912 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:37:11:046 7912 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
18:37:11:063 7912 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:37:11:071 7912 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:37:11:087 7912 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
18:37:11:118 7912 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:37:11:126 7912 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
18:37:11:157 7912 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:37:11:179 7912 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
18:37:11:220 7912 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:37:11:226 7912 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:37:11:502 7912 nvlddmkm (712d98d35e68d0006b121f4a3b8ee814) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:37:11:644 7912 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:37:11:665 7912 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:37:11:686 7912 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:37:11:725 7912 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
18:37:11:751 7912 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:37:11:759 7912 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
18:37:11:768 7912 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:37:11:794 7912 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
18:37:11:802 7912 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
18:37:11:828 7912 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:37:11:864 7912 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:37:11:885 7912 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:37:11:913 7912 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:37:11:945 7912 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
18:37:11:982 7912 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:37:12:005 7912 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:37:12:025 7912 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:37:12:032 7912 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:37:12:038 7912 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:37:12:055 7912 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
18:37:12:071 7912 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
18:37:12:080 7912 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
18:37:12:089 7912 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:37:12:112 7912 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:37:12:120 7912 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:37:12:128 7912 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
18:37:12:157 7912 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:37:12:175 7912 RTL8169 (f8dd92a9293d366b181d81151f437114) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:37:12:244 7912 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:37:12:279 7912 SASKUTIL (4fd72291a89793049104ca0a7e353cd4) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:37:12:286 7912 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:37:12:294 7912 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:37:12:300 7912 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:37:12:332 7912 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:37:12:339 7912 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:37:12:355 7912 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:37:12:361 7912 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:37:12:367 7912 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:37:12:373 7912 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:37:12:380 7912 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:37:12:386 7912 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:37:12:393 7912 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:37:12:416 7912 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
18:37:12:466 7912 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:37:12:502 7912 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
18:37:12:502 7912 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
18:37:12:521 7912 srv (8e5fc19b3b38364c5f44ccecec5248e9) C:\Windows\system32\DRIVERS\srv.sys
18:37:12:542 7912 srv2 (4ceeb95e0b79e48b81f2da0a6c24c64b) C:\Windows\system32\DRIVERS\srv2.sys
18:37:12:550 7912 srvnet (f9c65e1e00a6bbf7c57d9b8ea068c525) C:\Windows\system32\DRIVERS\srvnet.sys
18:37:12:565 7912 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:37:12:571 7912 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:37:12:595 7912 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:37:12:602 7912 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:37:12:613 7912 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:37:12:635 7912 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\Windows\system32\drivers\TBPanel.sys
18:37:12:671 7912 Tcpip (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\drivers\tcpip.sys
18:37:12:695 7912 Tcpip6 (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\DRIVERS\tcpip.sys
18:37:12:707 7912 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
18:37:12:732 7912 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:37:12:738 7912 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:37:12:745 7912 tdx (28d607c9be2660857673e56585f31ded) C:\Windows\system32\DRIVERS\tdx.sys
18:37:12:746 7912 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.sys. Real md5: 28d607c9be2660857673e56585f31ded, Fake md5: d09276b1fab033ce1d40dcbdf303d10f
18:37:12:746 7912 File "C:\Windows\system32\DRIVERS\tdx.sys" infected by TDSS rootkit ... 18:37:12:848 7912 Backup copy found, using it..
18:37:12:875 7912 will be cured on next reboot
18:37:12:881 7912 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
18:37:12:902 7912 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:37:12:908 7912 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:37:12:914 7912 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
18:37:12:920 7912 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:37:12:939 7912 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
18:37:12:948 7912 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:37:12:969 7912 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:37:12:977 7912 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:37:12:985 7912 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:37:12:992 7912 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:37:13:028 7912 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:37:13:036 7912 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:37:13:044 7912 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
18:37:13:055 7912 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
18:37:13:081 7912 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:37:13:088 7912 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
18:37:13:125 7912 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:37:13:131 7912 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:37:13:139 7912 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:37:13:158 7912 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:37:13:165 7912 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:37:13:172 7912 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:37:13:179 7912 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:37:13:186 7912 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:37:13:202 7912 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
18:37:13:215 7912 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
18:37:13:239 7912 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:37:13:247 7912 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:37:13:270 7912 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:37:13:273 7912 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:37:13:279 7912 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:37:13:290 7912 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:37:13:303 7912 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:37:13:311 7912 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:37:13:312 7912 Reboot required for cure complete..
18:37:13:318 7912 Cure on reboot scheduled successfully
18:37:13:318 7912
18:37:13:318 7912 Completed
18:37:13:318 7912
18:37:13:318 7912 Results:
18:37:13:319 7912 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:37:13:319 7912 File objects infected / cured / cured on reboot: 1 / 0 / 1
18:37:13:319 7912
18:37:13:319 7912 fclose_ex: Trying to close file C:\Windows\system32\config\system
18:37:13:319 7912 fclose_ex: Trying to close file C:\Windows\system32\config\software
18:37:13:319 7912 UnloadDriverW: NtUnloadDriver error 1
18:37:13:320 7912 KLMD(ARK) unloaded successfully


#7 stander

stander
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 17 May 2010 - 03:05 PM

Also when I pressed enter at the end of that scan I got a Blue Screen then pc restarted, I'm not sure if thats what was supposed to happen or not.

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:21 PM

Posted 17 May 2010 - 05:27 PM

Hi,

no the BSOD was not anticipated. However the log looks promising. How is your PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 stander

stander
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 17 May 2010 - 05:36 PM

Google chrome works! I hadn't checked and I guess a few other things that probably didn't work before now do.

You mentioned I can't really trust my pc anymore, does that mean that security is still comprimised by that rootkit even though it was removed?

Is there anything else I need to do ?

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:21 PM

Posted 17 May 2010 - 07:08 PM

Hi,

there is a slight risk remaining, that some of the infection may remain. As said before if you need 100% security that the infection was removed it would be better to reformat. if 99.9% are enough, then we should be good.

I would like you to run a scan with Eset next to check for possible leftovers:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

You said many things are working now, what isn't working?
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 stander

stander
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 17 May 2010 - 08:59 PM

running scan now.

in regards to things not working, the only problem I encountered was internet browser related and that seems to be fixed now.

after this is all deemed clean would you advise upgrading to vista SP2?

#12 stander

stander
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 18 May 2010 - 01:45 AM

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7ab02891-349e7e0a multiple threats deleted - quarantined
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-11abf71c a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined


#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:21 PM

Posted 18 May 2010 - 11:57 AM

Hi,

the log is looking good. smile.gif Since all your problems seem to be solved I would suggest that we finish by removing the programs we used:
Please do the following to clean up your PC:
  1. Delete the tools used during the disinfection:
  2. Uninstall ComboFix.exe And all Backups of the files it deleted
    • Click START then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTC from the following mirror and save it to your desktop:
    • Double click on
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  3. If OTC faild to remove all programs from your Desktop, please delete the rest manually.
Please read these advices, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holeswill allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variantsevery single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing sad.gif.
Some more links you might find of interest:
I would also encourage to update to SP2 as soon as possible, yes.
Have a nice day
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 stander

stander
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 21 May 2010 - 07:18 AM

Never ran a ComboFix myrti, did we need to ?

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:21 PM

Posted 21 May 2010 - 08:44 AM

Hi,

very sorry. Somehow I ended up thinking we ran ComboFix instead of TDSSKiller. No, there is no need to run it. Both tools remove the infection you had , so you should be fine. smile.gif Please just skip that step.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users